4 matches found
CVE-2025-66838
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...
PT-2026-1864
Name of the Vulnerable Software and Affected Versions ARIS version 10.0.23.0.3587512 Description A file upload issue exists in ARIS version 10.0.23.0.3587512. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file containing malware. The vulnerability involves...
PT-2026-1865
Name of the Vulnerable Software and Affected Versions Aris versions prior to 10.0.23.0.3587512 Description The file upload functionality does not implement rate limiting or throttling, enabling unrestricted file uploads. This allows an attacker to upload a large number of files quickly, potential...
Software ARIS 安全漏洞
Software ARIS is a business process analysis tool from Software, Germany. A security vulnerability exists in Software ARIS version 10.0.23.0.3587512, which stems from a flaw in the file upload functionality that could lead to the execution of arbitrary code...